Security Advisory: TrueCrypt Insecure or Website Hacked?

TrueCrypt is relied by many security professionals worldwide to create encrypted volumes in which to store sensitive information. It also recently passed the First Phase of an independent security audit and is still being recommended by security expert Bruce Schneier. It is noted that even Edward Snowden used TrueCrypt which was one of the reasons that prompted the security audit.

Therefore it’s highly puzzling when TrueCrypt’s main website started informing its users that it’s insecure and to switch to Windows’ BitLocker instead:

Various news articles are covering it such as NeoWin and PCWorld and there are some who suspect that it is a website hack given the abrupt nature of the notice.

It is noted that Matthew Green, one of the people who worked on the security audit, tweeted that he believed it was a legitimate exit by the developers and not a website hack. It is noted however that he has not heard back officially from the TrueCrypt dveveloper. More concerning is that suspicious behavior is being observed with the latest version of TrueCrypt 7.2 which is reported to show unusual network activity.

We will keep you posted as the news rolls in but it is probably best NOT to update to the latest TrueCrypt 7.2 for the moment until we receive official word on what is happening. You can also view Neowin’s discussion thread on this.

Update 29 May 2014 2:43 PM:
Their unofficial IRC channel on Freenode shows the following topic:

* Now talking in #truecrypt
* Topic is ‘Unofficial TrueCrypt channel | Site is potentially compromised so please excercise due diligence before downloading and installing | For now, we don’t know any more than you do.’
* Set by tomaw!tom@freenode/staff/tomaw on Thu May 29 05:32:12

Also it is further noted that whoever did this had the TrueCrypt signing key and signed the new software with it but it is peculiar that they would recommend a Microsoft encryption product like BitLocker.

It is unclear whether the TrueCrypt developers were compromised or if this is all part of an elaborate plan to end development of the widely used tool. Forbes will continue to cover this unfolding story as more information becomes available.